CIT Accomplishments and Plans - Computing at Cornell - Cornell ...
CIT Accomplishments and Plans - Computing at Cornell - Cornell ...
CIT Accomplishments and Plans - Computing at Cornell - Cornell ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
17<br />
D<strong>at</strong>a Discovery Tools<br />
To support both the campus-wide<br />
d<strong>at</strong>a discovery effort <strong>and</strong> <strong>CIT</strong> IT Security<br />
incident response <strong>and</strong> analysis,<br />
Spider 2008 <strong>and</strong> IdentityFinder have<br />
been made available to the campus<br />
community .<br />
Spider 2008 is a fundamental<br />
redesign of Spider software we’ve<br />
had for years . In contrast to previous<br />
versions, which were built around an<br />
IT-directed scan model, Spider is a<br />
self-service system . End-users should<br />
be able to scan their own machines<br />
<strong>and</strong> take wh<strong>at</strong>ever remedial actions are<br />
appropri<strong>at</strong>e .<br />
The redesign of Spider is an<br />
outgrowth of interest from <strong>Cornell</strong><br />
<strong>and</strong> other Spider user sites to develop<br />
something usable by a casual person,<br />
with minimal IT support . Fe<strong>at</strong>urewise,<br />
Spider 2008 is complete . Several<br />
universities have expressed an interest<br />
in centralized reporting, though . For<br />
more inform<strong>at</strong>ion, see<br />
cit.cornell.edu/services/spider/ .<br />
In addition to upd<strong>at</strong>ing Spider for<br />
end-user availability, we licensed<br />
approxim<strong>at</strong>ely 10,000 copies of<br />
IdentityFinder for both PC <strong>and</strong> Mac .<br />
With powerful centralized reporting,<br />
excellent Outlook integr<strong>at</strong>ion, <strong>and</strong><br />
easy deployment, IdentityFinder<br />
significantly augments our d<strong>at</strong>a<br />
discovery <strong>and</strong> incident response<br />
capabilities . For more inform<strong>at</strong>ion, see<br />
cit.cornell.edu/services/idfinder/ .<br />
Enhancements to Campus<br />
Incident Response Program<br />
Previously, when a system was<br />
compromised, IT Security was required<br />
to capture an image of the entire drive,<br />
run Spider on th<strong>at</strong> image, search for<br />
signs of malware, <strong>and</strong> then laboriously<br />
go through a process to gauge risk of<br />
d<strong>at</strong>a loss . This process could disrupt a<br />
department’s work, because it would<br />
often keep a machine out of service<br />
for several days . Additionally, modern<br />
varieties of malware are significantly<br />
smarter <strong>and</strong> more flexible than when<br />
our procedures were developed .<br />
When a system th<strong>at</strong> may hold<br />
confidential d<strong>at</strong>a is compromised,<br />
we’re oblig<strong>at</strong>ed to analyze the affected<br />
system to help inform DIRT (D<strong>at</strong>a Loss<br />
Incident Response Team), a group<br />
representing various campus offices<br />
th<strong>at</strong> decides wh<strong>at</strong> action the university<br />
should take in the event of a d<strong>at</strong>a<br />
breach . An ongoing project within IT<br />
Security is to develop a new process<br />
th<strong>at</strong> should allow us to g<strong>at</strong>her more<br />
d<strong>at</strong>a, faster, while minimizing our<br />
impact on department oper<strong>at</strong>ions . This<br />
new process also means we quickly get<br />
an accur<strong>at</strong>e, inform<strong>at</strong>ive alert to DIRT .<br />
“Flush the Phish” awareness m<strong>at</strong>erials remind students to keep their NetIDs priv<strong>at</strong>e .<br />
Easier Password Management<br />
The password complexity<br />
requirement was first implemented in<br />
2005 . Since then, <strong>Cornell</strong>’s alumni <strong>and</strong><br />
trustee community have been brought<br />
on board with the use of NetIDs to<br />
access <strong>Cornell</strong> services .<br />
Feedback provided from those<br />
customers <strong>and</strong> the offices serving them<br />
demonstr<strong>at</strong>es th<strong>at</strong> coming up with a<br />
password th<strong>at</strong> meets the requirements<br />
can be challenging <strong>and</strong> even<br />
frustr<strong>at</strong>ing . We began looking <strong>at</strong> ways<br />
to ease this task without sacrificing the<br />
added security of complex passwords .<br />
The changes made involved giving<br />
the user immedi<strong>at</strong>e feedback as they<br />
enter the characters th<strong>at</strong> make up the<br />
password . Users can tell <strong>at</strong> any time<br />
during the process which requirements<br />
they have yet to meet . Previously they<br />
would have to submit the proposed<br />
password before they received a “pass/<br />
fail” report .<br />
We also modified the restriction on<br />
dictionary words to make the use of<br />
passphrases possible . Some people find<br />
cre<strong>at</strong>ing a password th<strong>at</strong> is associ<strong>at</strong>ed<br />
with a phrase (a passphrase) easier to<br />
remember . By virtue of its length, a<br />
passphrase is stronger than a password .<br />
If the dictionary word is less than five<br />
characters or makes up less than forty<br />
percent of the passphrase, it will be<br />
accepted .<br />
The use of complex passwords is<br />
an integral part of keeping university<br />
d<strong>at</strong>a <strong>and</strong> individual identities safe .<br />
Simplifying their use will add strong<br />
support for this security practice .